Mobile Code Security Techniques

This paper presents a survey of existing techniques for achieving mobile code security, as well as a representative sampling of systems that use them. In particular, the problem domain is divided into two portions: protecting hosts from malicious code, and protecting mobile code from malicious hosts. The discussion of the malicious code problem includes a more in-depth study of the Java security model, as well as touching upon several other systems. The malicious host problem, however, is much more difficult to solve, so our discussion is mostly restricted to ongoing research in that area.

Comments: University of Pennsylvania Department of Computer and Information Science Technical Report No. MSCIS-98-28. This technical report is available at ScholarlyCommons: http://repository.upenn.edu/cis_reports/168
